diff options
| author | Viktor Szakats <vszakats@users.noreply.github.com> | 2016-09-07 10:41:11 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-07 10:41:11 +0200 |
| commit | 8fa20da8e1a2f38440610221576ff027eb0c7e5e (patch) | |
| tree | bd80e932ac7a9c252859842a92c8607af0810797 | |
| parent | 9ce6d0d52821c6e33506cb173f0e27c68014e60e (diff) | |
mk-ca-bundle.pl: use SHA256 instead of SHA1
This hash is used to verify the original downloaded certificate bundle
and also included in the generated bundle's comment header. Also
rename related internal symbols to algorithm-agnostic names.
| -rwxr-xr-x | lib/mk-ca-bundle.pl | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl index 01a552e0b..34497230d 100755 --- a/lib/mk-ca-bundle.pl +++ b/lib/mk-ca-bundle.pl @@ -225,33 +225,33 @@ sub parse_csv_param($$@) { return @values; } -sub sha1 { +sub sha256 { my $result; if ($Digest::SHA::VERSION || $Digest::SHA::PurePerl::VERSION) { open(FILE, $_[0]) or die "Can't open '$_[0]': $!"; binmode(FILE); - $result = $MOD_SHA->new(1)->addfile(*FILE)->hexdigest; + $result = $MOD_SHA->new(256)->addfile(*FILE)->hexdigest; close(FILE); } else { # Use OpenSSL command if Perl Digest::SHA modules not available - $result = (split(/ |\r|\n/,`$openssl dgst -sha1 $_[0]`))[1]; + $result = (split(/ |\r|\n/,`$openssl dgst -sha256 $_[0]`))[1]; } return $result; } -sub oldsha1 { - my $sha1 = ""; +sub oldhash { + my $hash = ""; open(C, "<$_[0]") || return 0; while(<C>) { chomp; - if($_ =~ /^\#\# SHA1: (.*)/) { - $sha1 = $1; + if($_ =~ /^\#\# SHA256: (.*)/) { + $hash = $1; last; } } close(C); - return $sha1; + return $hash; } if ( $opt_p !~ m/:/ ) { @@ -283,9 +283,9 @@ my $stdout = $crt eq '-'; my $resp; my $fetched; -my $oldsha1 = oldsha1($crt); +my $oldhash = oldhash($crt); -report "SHA1 of old file: $oldsha1"; +report "SHA256 of old file: $oldhash"; report "Downloading '$txt' ..."; @@ -328,14 +328,14 @@ if(!$filedate) { } # get the hash from the download file -my $newsha1= sha1($txt); +my $newhash= sha256($txt); -if(!$opt_f && $oldsha1 eq $newsha1) { +if(!$opt_f && $oldhash eq $newhash) { report "Downloaded file identical to previous run\'s source file. Exiting"; exit; } -report "SHA1 of new file: $newsha1"; +report "SHA256 of new file: $newhash"; my $currentdate = scalar gmtime($filedate); @@ -362,7 +362,7 @@ print CRT <<EOT; ## Just configure this file as the SSLCACertificateFile. ## ## Conversion done with mk-ca-bundle.pl version $version. -## SHA1: $newsha1 +## SHA256: $newhash ## EOT |